Phishing Simulations and Cyber Awareness

Info Security  (May 2022 – Aug 2022)

Designed phishing emails with PishMe software for testing employees’ cyber security awareness and identifying possible human errors. 

During the first part of the project I was targeting departments with sophisticated spear phishing emails, such as invoice or login links, specifically created for targeted department. 

During the second part of the project I was targeting the same departments with general phishing emails, i.e. Outlook mailbox being full. Results showed that employees were more susceptible to basic general phishing attacks and were very careful and immune to spear phishing attacks.

Thanks to this project the Chief Information Officer and Associate Director for Technical Services were able to modify and implement new cyber security awareness training for strengthening the company’s security.

Endpoint Manager implementation – Info Security

Info Security

As part of migrating from on-premises to cloud and improving security and monitoring systems, the Taconic IT infrastructure team was looking to implement an Endpoint Manager system.

I worked on understanding the software and analyzing how it can increase the security of the company’s users and assets as well as meet organizations goals. 

Through my research and meeting with consultants, I designed an outline of best practices to migrate users and assets into Endpoint system and set up policies and procedures for access control and reports. With this document, the infrastructure team was able to proceed with an Endpoint Manager implementation without business interruption as well as set up BitLocker for asset protection as more employees were starting to work remotely.

MFA implementation on VPN – Info Security

Info Security

In a three-team project group, I worked on assisting with testing of Duo multi factor authentication implementation in PulseSecure VPN software for 300+ remote users. As part of implementing higher security measures for remote workers, my team was tasked with upgrading security protocols for VPN connections. 

First part of the project was identifying remote users and assigning them to a specific group in Active Directory for easier policy implementation. Additionally, I worked with each remote worker individually to assist with software updates. 

Second part of the project included testing the MFA Duo solution for VPN internally with other team members and working with Duo engineers to create efficient and most user-friendly experience for our employees. 

Last part was final testing and creating documentation for employees to enroll their devices and use multi-factor authentication while working remotely. 

As a result of this project, the IT infrastructure team was able to roll out new policy with only 5% (expected at least 20%) users reporting issues or having trouble with following documentation, and successful push of improved and secure VPN connection.